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Box No. I Basis of the report 

1 . With regard to the language, this report is based on the international application in the language in which it was 
filed, unless otherwise indicated under this item. 

□ This report is based on translations from the original language into the following language , 
which is the language of a translation furnished for the purposes of: 

□ international search (under Rules 12.3 and 23.1 (b)) 

□ publication of the international application (under Rule 12.4) 

□ international preliminary examination (under Rules 55.2 and/or 55.3) 

2. With regard to the elements* of the international application, this report is based on (replacement sheets which 
have been furnished to the receiving Office in response to an invitation under Article 14 are referred to in this 
report as "originally filed" and are not annexed to this report): 



Description, Pages 

1-11 received on 24.09.2004 with letter of 24.09.2004 
Claims, Numbers 

1 -25 . received on 24.09.2004 with letter of 24.09.2004 
Drawings, Sheets 

1&-3/3 as originally filed 

□ a sequence listing and/br any related table(s) - see Supplemental Box Relating to Sequence Listing 

3. □ The amendments have resulted in the cancellation of: 

□ the description, pages 

□ the claims, Nos. 

□ the drawings, sheets/figs 

□ the sequence listing (specify): 

□ any table(s) related to sequence listing (specify): 

4. □ This report has been established as if (some of) the amendments annexed to this report and listed below 
had not been made, since they have been considered to go beyond the disclosure as filed, as indicated in the 
Supplemental Box (Rule 70.2(c)). 

□ the description, pages 

□ the claims, Nos. 

□ the drawings, sheets/figs 

□ the sequence listing (specify): 

□ any table(s) related to sequence listing (specify): 

* If Item 4 applies, some or all of these sheets may be marked "superseded. " 
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Box No. V Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial 
applicability; citations and explanations supporting such statement 



1. Statement 



Novelty (N) 


Yes: 


Claims 


1-25 




No: 


Claims 




Inventive step (IS) 


Yes: 


Claims 






No: 


Claims 


1-25 


Industrial applicability (IA) 


Yes: 


Claims 


1-25 




No: 


Claims 





2. Citations and explanations (Rule 70.7): 
see separate sheet 
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Re Item V. 



1 . The following documents are referred to in this communication: 

D1 : WO 00/49505 A (HENDRICK COLIN) 24 August 2000 (2000-08-24) 

D2: EP-A-0 899 733 (SONY DADC AUSTRIA AG) 3 March 1 999 (1 999-03-03) 

D3: FR-A-2 822 255 (PAOLUCCI MARGUERITE) 20 September 2002 (2002-09-20) 

2. For the purpose of assessing the novelty and inventiveness of the claims it is considered 
that a DVD is a "copy protected record carrier" due to the fact that a one-to-one copy of a DVD 
cannot be made (for reasons such as difference in maximum size of data possible to put on 
a DVD and a DVD-RAM). 

2.1 It is also considered that features that are prima facie not technical (e.g. "bonus material") 
and that do not contribute to an overall technical effect are not "technical features" in the 
meaning of Rule 6.3(a) and (b) PCT. Consequently , such features can not serve to 
distinguish an invention from the prior art, i.e., they can not contribute to novelty or inventive 
step. 

3. The subject-matter of claim 1 is not inventive in the sense of Article 33(3) PCT for the 
following reason: 

Document D1 discloses (the references in parenthesis applying to this document): 

Method for securing an access to a predetermined area of a target server, providing an 
information file ( the information file is a part of the smart card memory that contains the URL 
and the project identifier) on a copy protected record carrier (the copy protected record carrier 
is the smart card) which information file comprises a project identifier (page 8, line 7 - 
"verification codes") and/or an address of an authentication server (the URL of the bank - see 
page 18, lines 16-25) with which an application ("application program" - page 8, line 30) using 
said information file can communicate so that the authentication server can initiate and 
confirm a connection between a computer on which said application is started and said 
predetermined area of said target server that is identified by the authentication server and/or 
the project identifier (it is implicit in D1 for the person skilled in the art, that the bank from page 
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18, line 22, which is also the ISP, authenticates the user, using the "user's login identification 
and password" disclosed on page 8, lines 3-5, for example, before connecting him to the 
"personalized web page" from page 18, line 20). 

The subject-matter of claim 1 therefore differs from this known D1 only in that, according to 
claim 1 said authentication server further verifies whether or not a changing parameter of the 
computer, in particular a randomly generated number and/or a computer system time 
transmitted from said computer, was not already previously used and initiates a connection 
of said computer with said predetermined area of said target server in case of a positive 
verification, whereas D1 is silent about such a verification. 



The problem to be solved by the present invention may therefore be regarded as how to make 
the authentication procedure resistant against a reply attack. 

The solution proposed in claim 1 of the present application cannot be considered as involving 
an inventive step (Article 33(3) PCT) for the following reasons: 

A person skilled in the art will recognize that the procedure used in D1 for authentication is 
vulnerable to a third-party copying the password used to access the personalized web page 
in order to impersonate the user at a later time. In order to make the procedure resistant to 
such an attack, a person skilled in the art would search the prior art in the same field and find 
a solution to that problem in D3, page 6, lines 20 to 33, namely the use of a one-time 
password, such as a randomly generated number or a computer system time, in the 
authentication procedure, and would apply this solution to the method described in document 
D1 , thus arriving at the method claimed in claim 1 . 

Therefore the subject-matter of claim 1 does not involve an inventive step in the sense of 
Article 33(3) PCT, and the criteria of Article 33(1) PCT are not met. 

3.1 D1 also discloses that the information file contains the user login identification and 
password (D1 , page 8, line 5), which is implicitly accessed in order to start the secure access. 
Therefore the subject-matter of claim 5, is also not inventive in the sense of Article 33(3) 
PCT. 
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3.2 Claims 17,19 relate to a subject-matter similar or corresponding to claim 1 and are 
therefore also not inventive in the sense of Article 33(3) PCT. 

4. Dependent claims 2-4, 6-16,18 20-25 do not contain any features which, in combination 
with the features of any claim to which they refer, meet the requirements of the PCT in respect 
of inventive step (Article 33(3) PCT), the reason being as follows: 

• For claims 2-4,6,16,18,22-24 - D1 discloses an autorun-information file which provides 
an automatic execution of a predetermined executable file after the smart card is loaded 
in the reader (page 1 1 , lines 9-1 7 exemplifies procedures of automatic execution and the 
information file can be the application itself that can be stored on the smart card - see 
page 12 lines 3-4 ) 

• The additional features of claims 7,14,20,21 are simple design choices for a person 
skilled in the art (see also D2 for background information). 

• For claim 8: see paragraph 3 above. 

• For claim 9: Verifying the identity of the other part in a computer communication is 
straightforward and doing that by using encryption is just a design choice. 

The additional features of claims 10-13 are mere design choices 

• Claims 15 and 25 do not add any technical features to the subject matter of the claims 
to which they refer. 
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